CVE-2017-10670

Опубликовано: 30 июн. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure.

Ссылки

http://seclists.org/fulldisclosure/2017/Jun/44
Mailing List
Third Party Advisory
http://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html
Technical Description
Third Party Advisory
http://seclists.org/fulldisclosure/2017/Jun/44
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:xoev:osci_transport_library:1.6:*:*:*:.net:*:*:*

cpe:2.3:a:xoev:osci_transport_library:1.6.1:*:*:*:java:*:*:*

EPSS

Процентиль: 58%

0.00368

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-g5jf-3pr8-vjwm